Privacy and Cookie Policy of Moto GS WorldTours Germany/Croatia

PRIVACY POLICY & COOKIE POLICY (MOTOGS WORLDTOURS)

Valid for: motogsworldtours.com (tour website)

Status: 26.12.2025

1. Controller

MotoGS WorldTours – Tour Operator (sole proprietorship)
Owner: Frank Merklinger
Seffnerstraße 2, 06217 Merseburg, Germany
VAT ID no.: DE358041050
E-mail: info@motogsworldtours.com
Telephone/WhatsApp: +49 151 44288997

2. Data protection contact

For all data protection requests (access, deletion, objection, withdrawal of consent), please use: info@motogsworldtours.com

3. Legal bases

We process personal data in accordance with the GDPR. Depending on the purpose, we base processing in particular on:

• Art. 6(1)(b) GDPR (contract / pre-contractual measures – e.g. registration, booking processing, tour organisation)
• Art. 6(1)(c) GDPR (legal obligations – e.g. retention of business records)
• Art. 6(1)(f) GDPR (legitimate interests – e.g. IT security, stable website operation, prevention of misuse)
• Art. 6(1)(a) GDPR (consent – e.g. statistics/marketing cookies, newsletter, WhatsApp group)

For cookies and similar technologies, the Telecommunications-Digital-Services Data Protection Act (TDDDG) also applies. Non-essential cookies/tracking are used only after consent.

4. Hosting & server log files

Our website is technically operated/hosted by:
WMD d.o.o. (WMD Hosting)
Augustina Harambašića 10, 43000 Bjelovar, Croatia

4.1 Server log files

When you access the website, the web server automatically records information (e.g. IP address, date/time, page/file accessed, referrer URL, browser type, operating system, amount of data transferred).

Purpose: Provision of the website, ensuring stability and security, error analysis and defence against attacks.
Legal basis: Art. 6(1)(f) GDPR.
Retention period: We arrange regular deletion/anonymisation; log data is generally stored only as long as required for security and operational purposes. In the event of security-relevant incidents, longer retention may be necessary for clarification.

5. Contact (e-mail / contact form)

If you contact us by e-mail or via a contact form, we process the data you provide (name, e-mail address, telephone number and the content of the message).

Purpose: Handling your request and communication.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual/contractual) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication).
Retention period: until final processing; beyond that only insofar as retention is required for legal reasons or a legitimate interest exists.

6. Tour registration & booking processing

When registering for a tour, we typically process master data and booking data (e.g. name, address, contact details, date of birth, place of birth, passport number, nationality, riding experience, room preference, motorcycle preference and free-text information). The data is transmitted to our server for technical processing and is usually also provided to us additionally by e-mail.

Purpose: Processing registration, checking availability, organising bookings, communication and carrying out tour organisation.
Legal basis: Art. 6(1)(b) GDPR.

6.1 Special categories of personal data

If, in individual cases, information on health/allergies etc. becomes necessary, we process this data only insofar as it is necessary for carrying out the tour and processing is permissible under Art. 9 GDPR (in practice usually: explicit consent).

7. Recipients in the course of tour performance

To carry out the tour, we may disclose data to recipients insofar as this is necessary – typically:

• Accommodation/hotels (usually: name and travel dates/room allocation)
• Guides/subcontractors (usually: participant names)
• Local motorcycle providers (usually: name, address/identification data and booking/hand-over data)
• Transport/ferries/activities (usually: participant names and booking data)

Purpose: Provision of the travel services.
Legal basis: Art. 6(1)(b) GDPR.
We only transfer the data that is required for the specific part of the service.

8. Invoicing & accounting

For processing bookings and issuing invoices, we process the necessary data (e.g. name, address, invoice items, payment status).

Purpose: Billing, documentation, accounting.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR.
Retention period: in accordance with statutory retention obligations (regularly up to 10 years for tax-relevant documents).

Note: We do not offer online card payments on the tour website. Payment processing is generally carried out by invoice/bank transfer.

9. WhatsApp Business & tour WhatsApp group (opt-in)

We use WhatsApp Business for communication. The provider in Europe is generally:
WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

9.1 1:1 communication
If you contact us via WhatsApp, we process the communication data to respond and organise the tour (Art. 6(1)(b) GDPR or (f) GDPR – depending on the content).

9.2 Tour WhatsApp group
We only add you to a tour group if you have expressly agreed beforehand (opt-in). In a group, other participants may see, among other things, your telephone number and profile name.

Legal basis for adding you to the group: Art. 6(1)(a) GDPR (consent).
Withdrawal: You can withdraw your consent at any time with effect for the future; you can also leave the group at any time. Participation in the tour is also possible without joining the group.

10. Photo/video (advertising & marketing) – only with consent

We use photo and video recordings for advertising and marketing purposes only if you have expressly consented to this.

Legal basis: Art. 6(1)(a) GDPR (consent).
Withdrawal: possible at any time with effect for the future (e.g. by e-mail to info@motogsworldtours.com).

11. Newsletter (Mailchimp)

We use Mailchimp to send newsletters.
Provider: The Rocket Science Group LLC d/b/a Mailchimp, 405 N Angier Ave. NE, Atlanta, GA 30308, USA.

Data: e-mail address, possibly name (if provided), technical delivery and interaction data (e.g. opens/clicks), if activated.
Purpose: Sending information/newsletters.
Legal basis: Art. 6(1)(a) GDPR (consent).
Unsubscribe/withdrawal: at any time via the unsubscribe link in the newsletter or by e-mail to us.

Third-country transfer: As Mailchimp is based in the USA, processing in a third country may take place. We base such transfers – where required – on appropriate safeguards (e.g. EU Standard Contractual Clauses) and further protective measures, if necessary.

12. Cookies, consent management & tracking

We use cookies and similar technologies. We distinguish between:

• Technically necessary cookies (necessary for operating the website)
• Optional cookies (e.g. statistics/marketing), which are only set/read after consent

12.1 Cookie consent tool (Cookiebot)

We use Cookiebot (Usercentrics A/S) as a consent management platform:
Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Via Cookiebot you can give consent, refuse, or change it at any time. For this purpose, the “Cookie Settings” link is available on our website. Cookie Settings

12.2 Google Tag Manager

We use the Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to centrally manage analytics and marketing tags. The Tag Manager itself primarily serves for management and only triggers tracking functions if the corresponding tags are active.

Legal basis: Art. 6(1)(a) GDPR (consent) – insofar as cookies/tracking are triggered.

12.3 Google Analytics

If you have consented, we use Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to measure reach and optimise our website.

Legal basis: Art. 6(1)(a) GDPR (consent).

12.4 Google Ads conversion tracking

If you have consented, we use Google Ads conversion tracking (Google Ireland Limited) to measure the effectiveness of ads.

Legal basis: Art. 6(1)(a) GDPR (consent).

12.5 Microsoft/Bing (analytics/conversion)

If you have consented, we use technologies from the Microsoft/Bing environment (e.g. Microsoft Advertising/UET) to evaluate campaigns and measure website interactions.

Provider (EEA): Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Dublin D18 P521, Ireland.
Legal basis: Art. 6(1)(a) GDPR (consent).

13. YouTube video on the homepage (embedded as an iFrame)

A video is embedded on our homepage that is hosted on YouTube. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When loading and/or playing the embedded YouTube video, technical data may be transmitted to YouTube/Google (in particular IP address and device/browser information). Cookies and similar technologies may also be used.

Important: The YouTube video is loaded on our website only after your consent via the cookie banner (Cookiebot). You can change or withdraw your consent at any time via “Cookie Settings”. Cookie Settings

Third-country transfer: Depending on the constellation, processing/transfer to third countries (e.g. USA) cannot be ruled out. Further information can be found in Google/YouTube’s privacy notices.

14. Social media (Facebook, Instagram, Pinterest) & external links

We link to our social media presences. If you use these links, you leave our website; from then on, the data processing of the respective platform applies.

Information on providers (EEA):

• Meta Platforms Ireland Limited (Facebook/Instagram), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
• Pinterest Europe Ltd., Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland
• YouTube/Google, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

15. Retention period (overview)

We store personal data only as long as necessary for the respective purpose. Beyond that, we store data only insofar as there are statutory obligations (e.g. tax retention) or insofar as this is necessary to assert/defend claims.

16. Your rights

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR) – in particular to processing based on legitimate interests
• Withdrawal of consent (Art. 7(3) GDPR) – at any time with effect for the future

17. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The authority responsible for our registered office in Saxony-Anhalt is:

State Commissioner for Data Protection Saxony-Anhalt
Otto-von-Guericke-Straße 34a, 39104 Magdeburg, Germany
Website: datenschutz.sachsen-anhalt.de

18. Data security

We use technical and organisational measures to protect data against loss, manipulation and unauthorised access. However, 100% protection cannot be guaranteed on the internet.

19. Changes to this privacy policy

We update this privacy policy if our processes, tools or legal requirements change. The current version published on this website shall apply.